From: <ma...@ne...> - 2013-11-24 05:36:39
|
Squirrelmail has TLS support, but it lacks the ability to enforce server certificate validation. This leaves no defense against MiM attacks using a self-signed certificate. Here is how it could be fixed, for SMTP side. Connexion is established in class/deliver/Deliver_SMTP.class.php: $stream = @fsockopen('tls://' . $host, $port, $errorNumber, $errorString); The stream_socket_client() function is an alternative to fsockopen() that appeared in PHP 5. It allows the caller to specify a context with various options: if (function_exists('stream_socket_client') { $remote = sprintf("ssl://%s:%d", $host, port); $opts = array( 'ssl' => array( 'verify_peer' => TRUE, 'verify_depth' => 5, 'cafile' => '/path/to/ca_file', ), ); $ctx = stream_context_create($opts); $timeout = ini_get("default_socket_timeout"); $stream = @stream_socket_client($remote, $errorNumber, $errorString, $timeout, STREAM_CLIENT_CONNECT, $ctx); } else { $stream = @fsockopen('ssl://' . $host, $port, $errorNumber, $errorString); } Of course '/path/to/ca_file' needs to be configurable, I can work on this if the idea is accepted. Also note that I changed tls:// to ssl://. Inside the bowels of PHP, tls:// causes OpenSSL's TLSv1_client_method() to be used. As its name suggests, this metho can only negociate TLSv1. ssl:// causes SSLv23_client_method() to be used. As its named does not suggests, it is able to negociate the highest protocol version avaialble, up to TLSv1.2 if the installed OpenSSL supports it. This causes much stronger ciphers to be used. For now Squirrelmail's usage of tls:// can be worked around by specifying a ssl:// prefixed $smtpServerAddress with $use_smtp_tls = false, but switching the code to ssl:// would immediatly improve everyone setup. I did not look at the IMAP side since I use imapproxy, and therefore Squirrelmail is not incharge of IMAP TLS, but the idea is the same. -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz ma...@ne... |
From: <ma...@ne...> - 2014-01-18 05:45:02
|
Hello I got no reply to the message below. Is there really no interest in certificate validation? Encrypting communication is of little interest if you are not sure of who you are talking with... Emmanuel Dreyfus <ma...@ne...> wrote: > Squirrelmail has TLS support, but it lacks the ability to enforce server > certificate validation. This leaves no defense against MiM attacks using > a self-signed certificate. > > Here is how it could be fixed, for SMTP side. Connexion is established > in class/deliver/Deliver_SMTP.class.php: > > $stream = > @fsockopen('tls://' . $host, $port, $errorNumber, $errorString); > > The stream_socket_client() function is an alternative to fsockopen() > that appeared in PHP 5. It allows the caller to specify a context with > various options: > > if (function_exists('stream_socket_client') { > $remote = sprintf("ssl://%s:%d", $host, port); > $opts = array( > 'ssl' => array( > 'verify_peer' => TRUE, > 'verify_depth' => 5, > 'cafile' => '/path/to/ca_file', > ), > ); > $ctx = stream_context_create($opts); > $timeout = ini_get("default_socket_timeout"); > $stream = > @stream_socket_client($remote, $errorNumber, $errorString, > $timeout, STREAM_CLIENT_CONNECT, $ctx); > } else { > $stream = > @fsockopen('ssl://' . $host, $port, $errorNumber, $errorString); > } > > Of course '/path/to/ca_file' needs to be configurable, I can work on > this if the idea is accepted. > > Also note that I changed tls:// to ssl://. Inside the bowels of PHP, > tls:// causes OpenSSL's TLSv1_client_method() to be used. As its name > suggests, this metho can only negociate TLSv1. > > ssl:// causes SSLv23_client_method() to be used. As its named does not > suggests, it is able to negociate the highest protocol version > avaialble, up to TLSv1.2 if the installed OpenSSL supports it. This > causes much stronger ciphers to be used. > > For now Squirrelmail's usage of tls:// can be worked around by > specifying a ssl:// prefixed $smtpServerAddress with $use_smtp_tls = > false, but switching the code to ssl:// would immediatly improve > everyone setup. > > I did not look at the IMAP side since I use imapproxy, and therefore > Squirrelmail is not incharge of IMAP TLS, but the idea is the same. -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz ma...@ne... |
From: Paul L. <pa...@sq...> - 2014-01-20 04:17:53
|
On Sat, Nov 23, 2013 at 9:37 PM, Emmanuel Dreyfus <ma...@ne...> wrote: > Squirrelmail has TLS support, but it lacks the ability to enforce server > certificate validation. This leaves no defense against MiM attacks using > a self-signed certificate. > > Here is how it could be fixed, for SMTP side. Connexion is established > in class/deliver/Deliver_SMTP.class.php: > > $stream = > @fsockopen('tls://' . $host, $port, $errorNumber, $errorString); > > The stream_socket_client() function is an alternative to fsockopen() > that appeared in PHP 5. It allows the caller to specify a context with > various options: > > if (function_exists('stream_socket_client') { > $remote = sprintf("ssl://%s:%d", $host, port); > $opts = array( > 'ssl' => array( > 'verify_peer' => TRUE, > 'verify_depth' => 5, > 'cafile' => '/path/to/ca_file', > ), > ); > $ctx = stream_context_create($opts); > $timeout = ini_get("default_socket_timeout"); > $stream = > @stream_socket_client($remote, $errorNumber, $errorString, > $timeout, STREAM_CLIENT_CONNECT, $ctx); > } else { > $stream = > @fsockopen('ssl://' . $host, $port, $errorNumber, $errorString); > } > > Of course '/path/to/ca_file' needs to be configurable, I can work on > this if the idea is accepted. > > Also note that I changed tls:// to ssl://. Inside the bowels of PHP, > tls:// causes OpenSSL's TLSv1_client_method() to be used. As its name > suggests, this metho can only negociate TLSv1. > > ssl:// causes SSLv23_client_method() to be used. As its named does not > suggests, it is able to negociate the highest protocol version > avaialble, up to TLSv1.2 if the installed OpenSSL supports it. This > causes much stronger ciphers to be used. > > For now Squirrelmail's usage of tls:// can be worked around by > specifying a ssl:// prefixed $smtpServerAddress with $use_smtp_tls = > false, but switching the code to ssl:// would immediatly improve > everyone setup. Indeed. If you care to send a diff, I'd be happy to commit it. > I did not look at the IMAP side since I use imapproxy, and therefore > Squirrelmail is not incharge of IMAP TLS, but the idea is the same. If you have the interest in addressing this, we'd appreciate it, but if not, that's fine and I would be happy to take care of it. -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php |
From: Emmanuel D. <ma...@ne...> - 2014-01-20 09:16:32
|
On Sun, Jan 19, 2014 at 08:17:25PM -0800, Paul Lesniewski wrote: > > Squirrelmail has TLS support, but it lacks the ability to enforce server > > certificate validation. This leaves no defense against MiM attacks using > > a self-signed certificate. (...) > Indeed. If you care to send a diff, I'd be happy to commit it. Here is it: http://ftp.espci.fr/shadow/manu/sq-stream.patch I tested it with this configuration: $smtpServerAddress='smtp.example.net'; $smtpPort = 465; $use_smtp_tls = true; $smtpOptions['ssl']['verify_peer'] = true; $smtpOptions['ssl']['verify_depth'] = 3; $smtpOptions['ssl']['cafile'] = '/etc/openssl/certs/ca.crt'; Using the wrong CA in $smtpOptions['ssl']['cafile'] cause the connexion to abort, which suggests the thing works. Sendmail logs the TLS cipher used as being ECDHE-RSA-AES256-GCM-SHA384, which is the best OpenSSL can do. There is just one small problem, with default timeout: having a null timeout cause CA validation to always fail. In that patch, I change a null tuimeout to abitrary value 30, but perhaps that should be configurable. While I am there, I made te same work on imapproxy. That was discussed and submitted on the relevant mailig list months ago, but it was not committed so far. Here is the latest patch, in case someone can check it in: http://ftp.espci.fr/shadow/manu/imapproxy4.patch -- Emmanuel Dreyfus ma...@ne... |
From: <ma...@ne...> - 2014-01-20 12:34:45
|
Hi You replied on the imapproxy patch, but not on the squirrelmail one. Was it committed, or is there something to improve? Emmanuel Dreyfus <ma...@ne...> wrote: > > Indeed. If you care to send a diff, I'd be happy to commit it. > > Here is it: > http://ftp.espci.fr/shadow/manu/sq-stream.patch > > I tested it with this configuration: > $smtpServerAddress='smtp.example.net'; > $smtpPort = 465; > $use_smtp_tls = true; > $smtpOptions['ssl']['verify_peer'] = true; > $smtpOptions['ssl']['verify_depth'] = 3; > $smtpOptions['ssl']['cafile'] = '/etc/openssl/certs/ca.crt'; > > Using the wrong CA in $smtpOptions['ssl']['cafile'] cause the connexion > to abort, which suggests the thing works. Sendmail logs the TLS cipher > used as being ECDHE-RSA-AES256-GCM-SHA384, which is the best OpenSSL > can do. > > There is just one small problem, with default timeout: having a > null timeout cause CA validation to always fail. In that patch, > I change a null tuimeout to abitrary value 30, but perhaps that > should be configurable. -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz ma...@ne... |
From: Paul L. <pa...@sq...> - 2014-01-21 01:56:38
|
On Mon, Jan 20, 2014 at 1:16 AM, Emmanuel Dreyfus <ma...@ne...> wrote: > On Sun, Jan 19, 2014 at 08:17:25PM -0800, Paul Lesniewski wrote: >> > Squirrelmail has TLS support, but it lacks the ability to enforce server >> > certificate validation. This leaves no defense against MiM attacks using >> > a self-signed certificate. > (...) >> Indeed. If you care to send a diff, I'd be happy to commit it. > > Here is it: > http://ftp.espci.fr/shadow/manu/sq-stream.patch > > I tested it with this configuration: > $smtpServerAddress='smtp.example.net'; > $smtpPort = 465; > $use_smtp_tls = true; > $smtpOptions['ssl']['verify_peer'] = true; > $smtpOptions['ssl']['verify_depth'] = 3; > $smtpOptions['ssl']['cafile'] = '/etc/openssl/certs/ca.crt'; > > Using the wrong CA in $smtpOptions['ssl']['cafile'] cause the connexion > to abort, which suggests the thing works. Sendmail logs the TLS cipher > used as being ECDHE-RSA-AES256-GCM-SHA384, which is the best OpenSSL > can do. http://sourceforge.net/p/squirrelmail/code/14427 http://sourceforge.net/p/squirrelmail/code/14429 I also added same support on the IMAP side. Thanks again, -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php |
From: <ma...@ne...> - 2014-01-21 02:57:43
|
Paul Lesniewski <pa...@sq...> wrote: > http://sourceforge.net/p/squirrelmail/code/14427 > http://sourceforge.net/p/squirrelmail/code/14429 Thanks. I understand I have to use $smtpSslOptions['cafile'] instead of $smtpOptions['ssl']['cafile'] That makes impossible to set up other socket options documented here: http://fr2.php.net/manual/fr/context.socket.php I did not meant to use them, but I just note the change, in case you did not make it on purpose. -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz ma...@ne... |
From: Paul L. <pa...@sq...> - 2014-01-21 03:48:21
|
On Mon, Jan 20, 2014 at 7:01 PM, Emmanuel Dreyfus <ma...@ne...> wrote: > Paul Lesniewski <pa...@sq...> wrote: > >> http://sourceforge.net/p/squirrelmail/code/14427 >> http://sourceforge.net/p/squirrelmail/code/14429 > > Thanks. I understand I have to use > $smtpSslOptions['cafile'] instead of $smtpOptions['ssl']['cafile'] > > That makes impossible to set up other socket options documented here: > http://fr2.php.net/manual/fr/context.socket.php > > I did not meant to use them, but I just note the change, in case you did > not make it on purpose. I made the change on purpose, however, on second thought, it would probably be best to have the flexibility of letting the administrator apply the global options as well. I just reverted to the way you had originally proposed. Changes are in SVN. Thanks again. -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php |
From: Emmanuel D. <ma...@ne...> - 2014-01-21 09:00:04
|
On Mon, Jan 20, 2014 at 07:47:54PM -0800, Paul Lesniewski wrote: > I made the change on purpose, however, on second thought, it would > probably be best to have the flexibility of letting the administrator > apply the global options as well. I just reverted to the way you had > originally proposed. Changes are in SVN. Shouldn't you revert the option name as well? $smtpSslOptions contains non SSL stuff now. $smtpOptions seems mor coherent. But I am getting picky, this is not a real issue. -- Emmanuel Dreyfus ma...@ne... |
From: Paul L. <pa...@sq...> - 2014-01-21 22:46:23
|
On Tue, Jan 21, 2014 at 12:59 AM, Emmanuel Dreyfus <ma...@ne...> wrote: > On Mon, Jan 20, 2014 at 07:47:54PM -0800, Paul Lesniewski wrote: >> I made the change on purpose, however, on second thought, it would >> probably be best to have the flexibility of letting the administrator >> apply the global options as well. I just reverted to the way you had >> originally proposed. Changes are in SVN. > > Shouldn't you revert the option name as well? $smtpSslOptions contains > non SSL stuff now. $smtpOptions seems mor coherent. > > But I am getting picky, this is not a real issue. No, no problem, I appreciate attention to detail myself. I just changed to $smtp_stream_options and $imap_stream_options Thanks -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php |